{ config, lib, pkgs, ... }:

with lib;
let
  cfg = config.modules.services.nextcloud;
in
{
  options.modules.services.nextcloud = {
    enable = mkEnableOption "Nextcloud instance";

    domain = mkOption { type = types.str; };
    realHost = mkOption { type = types.str; default = "nextcloud.${cfg.domain}"; };

    ssl = {
      enable = mkEnableOption "SSL for the instance";
      acmeHost = mkOption {
        type = types.nullOr types.str;
        default = null;
        description = "ACMEHost for the certificate";
      };
    };

    secrets = {
      admin-pass = mkOption { type = types.path; };
    };
  };

  config = mkIf cfg.enable {
    assertions = [
      {
        assertion = cfg.ssl.enable -> cfg.ssl.acmeHost != null;
        message = "ssl.acmeHost must be set when enabling SSL";
      }
    ];

    services.nextcloud = {
      enable = true;

      package = pkgs.nextcloud29;
      database.createLocally = true;
      hostName = cfg.realHost;

      nginx.recommendedHttpHeaders = true;
      maxUploadSize = "512G";
      https = cfg.ssl.enable;

      home = "/smol/core/nextcloud";
      enableImagemagick = true;

      caching = {
        apcu = true;
        redis = true;
        memcached = true;
      };

      configureRedis = true;

      phpOptions = {
        # Fix opcache "buffer is almost full"
        "opcache.interned_strings_buffer" = 16;
        "opcache.jit" = 1255;
        "opcache.jit_buffer_size" = "128M";
        max_execution_time = 3600;
        max_input_time = 3600;
      };

      extraApps = with config.services.nextcloud.package.packages.apps; {
          inherit
            memories
            contacts
            calendar
            tasks
            bookmarks
            deck
            forms;
      };

      autoUpdateApps = {
        enable = true;
        startAt = "03:00";
      };

      settings = {
        # Required for Logging App to function
        log_type = "file";

        # 00:00 AEST
        maintenance_window_start = 13;

        enabledPreviewProviders = [
          ''OC\Preview\Image'' # alias for png,jpeg,gif,bmp
          ''OC\Preview\HEIC''
          ''OC\Preview\TIFF''
          ''OC\Preview\Movie''
        ];

        "memories.exiftool" = lib.getExe pkgs.exiftool;
        "memories.ffmpeg_path" = lib.getExe' pkgs.ffmpeg-headless "ffmpeg";
        "memories.ffprobe_path" = lib.getExe' pkgs.ffmpeg-headless "ffprobe";
        "memories.vod.ffmpeg" = lib.getExe' pkgs.ffmpeg-headless "ffmpeg";
        "memories.vod.ffprobe" = lib.getExe' pkgs.ffmpeg-headless "ffprobe";
      };

      config = {
        dbtype = "pgsql";
        adminuser = "admin";
        adminpassFile = cfg.secrets.admin-pass;
      };
    };

    services.nginx.virtualHosts.${cfg.realHost} = mkIf cfg.ssl.enable {
      forceSSL = true;
      useACMEHost = cfg.ssl.acmeHost;
    };

    systemd.services.nextcloud-cron = {
      path = with pkgs; [ perl ];
      # preStart = "${pkgs.coreutils}/bin/chmod +x ${config.services.nextcloud.home}/store-apps/memories/bin-ext/*";
    };

  };
}